PT-2019-6785 · Red Hat · Red Hat Openstack Platform+1

Kurt Seifried · Published 2019-12-30 · Updated 2021-03-09 · CVE-2012-5474

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat OpenStack Platform version 2.0
python-django-horizon package versions prior to 2012.1.1

Description

The file /etc/openstack-dashboard/local_settings is world readable, which exposes the secret key value.

Recommendations

For Red Hat OpenStack Platform version 2.0, update the python-django-horizon package to version 2012.1.1 or later. For python-django-horizon package versions prior to 2012.1.1, update to version 2012.1.1 or later.
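
To confirm whether a host is still in the state the description reports, the following added example (not part of the advisory or of Red Hat's tooling) checks the settings file for the world-read bit and for a secret key assignment. It assumes the path is spelled `local_settings` with an underscore and that the key is stored as Django's `SECRET_KEY` setting; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the dashboard settings file for the condition in the
# description (world-readable file that holds the secret key).
# Assumptions: path spelled with an underscore, key stored as Django's
# SECRET_KEY setting. Function names are hypothetical.
# Only classic mode bits are checked; POSIX ACLs are not inspected.
SETTINGS_FILE="${SETTINGS_FILE:-/etc/openstack-dashboard/local_settings}"

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 when the "other" class has the read bit, 1 when it does not,
# 2 when the mode cannot be determined.
is_world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}        # last octal digit = permissions for "other"
    [ $(( other & 4 )) -ne 0 ]
}

# Return 0 when the file contains a SECRET_KEY assignment.
holds_secret_key() {
    grep -Eq '^[[:space:]]*SECRET_KEY[[:space:]]*=' "$1"
}

# Exit status: 0 = not exposed or file absent,
#              1 = world-readable and holds SECRET_KEY,
#              2 = world-readable, no SECRET_KEY assignment found.
audit_settings() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "SKIP   $f (not present)"
        return 0
    fi
    if is_world_readable "$f"; then
        if holds_secret_key "$f"; then
            echo "EXPOSED $f (mode $(file_mode "$f"), SECRET_KEY readable by any local user)"
            return 1
        fi
        echo "WARN   $f (mode $(file_mode "$f"), world-readable, no SECRET_KEY line found)"
        return 2
    fi
    echo "OK     $f (mode $(file_mode "$f"))"
    return 0
}

# Usage (run as root so the file content can be read):
#   audit_settings "$SETTINGS_FILE"
```

A status of 1 on a host means the package update in the recommendations has not taken effect there.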

Exploit

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

CVE-2012-5474

Affected Products

Red Hat Openstack Platform
Python-Django-Horizon